|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 43
Members: 0
Total: 43
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
explenation php 2.0.12 forum exploit for newbies |
|
Posted: Thu Jul 10, 2008 8:05 pm |
|
|
inse |
Beginner |
|
|
Joined: Jul 10, 2008 |
Posts: 4 |
|
|
|
|
|
|
|
phpBB 2.0.12 forums hacking Example forum: http://www.illegaaltje.nl/phpBB2/ (on which you can test it LEGALLY)
Foreword In these tutorial go we learn how we phpBB 2.0.12 are possible forums hacken, using exploits which we download.
I do not go further on the term exploiten in or the errors, I will your only learn how we phpBB are possible 2.0.12 forums hacking and I emphasise still even that this illigaal are if this is done without authorisation, and I am nowhere responsible for.
Once you have this under the knee hope I of that you admins will to help destroying forums.
The Exploit Exploit are a script which uses of errors in a forum, this way determined rights be able get if guard word hashish to be able get hold of etc.
Exploits are generally written in C, Perl and in Php, and we will use exploit which has been written in perl.
We must therefore firstly get hold of the exploit to do that we use google, and type: exploit phpBB 2.0.12.
But I go rather to: www.milw0rm.com, 1 of the largest exploit site which I know.
I go there to search and bowl already fast at http://www.milw0rm.com/id.php?id=889.
Oke these are therefore the exploit script we see to `#! /usr/bin/perl' from that layout I that we to do have with exploit which have been written in perl.
Therefore lettuce these script as exploit.pl on c:\ disk. (draft cube > store as > exploit.pl) Download Perl Our exploit need carry out script we use therefore perl.
Now we go to www.google.nl and we type in: Download perl and already rapidly come we on a page and there download we perl. For lazy people onderons here a link: http://www.activestate.com/Products/Download/Download.plex?id=ActivePerl now we perl have downloaded and we have installed further to the real hacken of a forum.
Hacken of the phpBB 2.0.12 forum. Here our example forum is on which you can test it: http://www.illegaaltje.nl/phpBB2/ In my example I use this forum also.
Oke we go ourselves firstly register, pay attention there to that your name but from 1 part exist therefore not `jan piet' can but `janpiet'.
I take nice orginenal in my example the name `UR'. Now we have acount we let us proceed to the hacken, open amount (starts > uivoeren/manage > type and then grapple command). We save our exploit with the name exploit.pl on c:\ disk have stored therefore we type now the following in amount: `cd (without '' natural) and very grapple c:\. And then we type `exploit.pl `and reiteration grapple and get we this. (do not get you this have you perl not well geinstalt or something else)
CODE+++++++++++++++++++++++++++++++++++++++++++++++++++ Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)] i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1: 3128 ++++++++++++++++++++++++++++++++++++++++++++++++++++
oke here are explained how we using therefore we must, firstly the site then the folder where the forum is himself and then our acount name in this case UR Oke now will you that do with you forum, in my example is that http://www.illegaaltje.nl/phpBB2/index.php.
in my example type I in amount `of exploit.pl www.illegaaltje.nl /phpBB2/ UR' And I very grapple.
(such as you sees I replace http:// for www differently give that error and I omit index.php) Now krijg something like that as below:
CODE++++++++++++++++++++++++++++++++++++ Trying to connect to www.illegaaltje.nl/phpBB2/ Forum is vulnerable!!! +++++++++++++++++++++++++++++ Trying to get the user: UR ID… Done… ID=15 ++++++++++++++++++++++++++++++ Trying to give user: UR admin status… Well done!!! UR should now property an admin status. ++++++++++++++++++++++++++++
Now you go to the forum and unwieldly you go up your acount, and to realise you that something (below the forum) in the direction of `adminstratie permits panel' there.
And that is the proof that you are admin, what you do not will do for rest are entirely you choice go along I you to help.
I would tell the admin that its forum safe is not and together for a solution to search.
Epilogue I hope that you have learned of this something, and now forum will search admins help with these wrongly and improve.
Be nowhere responsible for, therefore everything are whole on own risk
srry for my bad english |
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|